ON THIS PAGE
L2 Pod with virtio Interface (Trunk Mode)
Read this topic to learn how to add a user pod with a virtio
trunk-mode interface to an instance of the cloud-native router.
Overview
You can configure a user pod with a Layer 2 trunk-mode virtio interface and attach it to the Cloud-Native Router instance. The Juniper Cloud-Native Router must have an L2 interface configured at the time of deployment. Your high-level tasks are:
-
Define and apply a network attachment definition (NAD)—The NAD file defines the required configuration for Multus to invoke the JCNR-CNI and create a network to attach the pod interface to.
-
Define and apply a pod YAML file to your cloud-native router cluster—The pod YAML contains the pod specifications and an annotation to the network created by the JCNR-CNI.
Note:Please review the Cloud-Native Router Use-Cases and Configuration Overview topic for more information on NAD and pod YAML files.
Note:When deploying a virtio application pod in privileged mode on Microsoft Azure Cloud Platform, it should be compiled with DPDK version greater than 23.11. While invoking the DPDK application, the fabric interfaces used by Cloud-Native Router should be blocked out, for example:
./dpdk_pod_23.11 -b vmbus:000d3a9d-4df3-000d-3a9d-4df3000d3a9d
Configuration Example
- Here is an example NAD to create a Layer 2 trunk-mode virtio interface with
static IPAM:
apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: vswitch spec: config: '{ "cniVersion":"0.4.0", "name": "vswitch", "type": "jcnr", "args": { "instanceName": "vswitch", "instanceType": "virtual-switch", "vlanIdList":"201, 202, 203" }, "ipam": { "type": "static", "capabilities":{"ips":true}, "addresses":[ { "address":"10.2.1.1/24", "gateway":"10.2.1.253" }, { "address":"2001::10.2.1.1/120", "gateway":"2001::10.2.1.253" } ] }, "kubeConfig":"/etc/kubernetes/kubelet.conf" }'virtual-switchinstance to which the pod's trunk interface will be attached. - Apply the NAD manifest to create the network.
kubectl apply -f nad_trunk_mode.yaml networkattachmentdefinition.k8s.cni.cncf.io/vswitch created
- Verify the NAD is created.
[root@jcnr-01]# kubectl get net-attach-def NAME AGE vswitch 57s
- Here is an example yaml to create a pod attached to the
vswitchnetwork:apiVersion: v1 kind: Pod metadata: name: pod1 annotations: k8s.v1.cni.cncf.io/networks: vswitch spec: containers: - name: pod1 image: ubuntu:latest imagePullPolicy: IfNotPresent securityContext: privileged: false env: - name: KUBERNETES_POD_UID valueFrom: fieldRef: fieldPath: metadata.uid volumeMounts: - name: dpdk mountPath: /dpdk subPathExpr: $(KUBERNETES_POD_UID) volumes: - name: dpdk hostPath: path: /var/run/jcnr/containersk8s.v1.cni.cncf.io/networksannotation. - Apply the pod manifest.
[root@jcnr-01]# kubectl apply -f pod_trunk_mode.yaml pod/pod1 created
- Verify the pod is running.
[root@jcnr-01 ~]# kubectl get pods NAME READY STATUS RESTARTS AGE pod1 1/1 Running 0 38s
- Describe the pod to verify a secondary interface is created and attached to the
vswitchnetwork. (The output is trimmed for brevity).[root@jcnr-01 ~]# kubectl describe pod pod1 Name: pod1 Namespace: default Priority: 0 Node: jcnr-01/10.100.20.25 Start Time: Mon, 26 Jun 2023 09:53:31 -0400 Labels: <none> Annotations: cni.projectcalico.org/containerID: ac6f0a26ebfe68adf3b020d0def96f09e6b2b5c6303f55c0dde277b1ce7f9d9f cni.projectcalico.org/podIP: 10.233.91.81/32 cni.projectcalico.org/podIPs: 10.233.91.81/32 jcnr.juniper.net/dpdk-interfaces: [ { "name": "net1", "vhost-adaptor-path": "/dpdk/vhost-net1.sock", "vhost-adaptor-mode": "client", "ipv4-address": "10.2.1.1/24", "ipv6-address": "2001::a02:101/120", "mac-address": "02:00:00:5B:C7:9F" } ] k8s.v1.cni.cncf.io/network-status: [{ "name": "k8s-pod-network", "ips": [ "10.233.91.81" ], "default": true, "dns": {} },{ "name": "default/vswitch", "interface": "net1", "ips": [ "10.2.1.1", "2001::a02:101" ], "mac": "02:00:00:5B:C7:9F", "dns": {} }] ... - Verify the vRouter has the corresponding interface created. Access the vRouter CLI
and issue the
vif --listcommand.vif0/2 PMD: vhostnet1-57f38cc0-6555-4bc2-ac MTU: 9160 Type:Virtual HWaddr:02:00:00:dc:c9:27 DDP: OFF SwLB: ON Vrf:0 Flags:L2 QOS:-1 Ref:11 RX queue errors to lcore 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Vlan Mode: Trunk Vlan: 201-203 RX packets:0 bytes:0 errors:0 TX packets:4 bytes:256 errors:0 Drops:0 TX port packets:0 errors:4Virtualand the Vlan mode is set totrunkwith the Vlan ID set to201-203. The VRF is always 0 for L2 interfaces.